
Netstat

Netstat is a program used to see what protocols, local and remote ports your computer is using and has open to the Internet. Netstat can also be used to find your own IP address.
To get to netstat in Windows 98/2000 and XP:
Click on Start\Programs\Accessories, then click on Command Prompt.

When the command prompt opens, it brings up a black box, and what you will see on the screen is the following.
Yours will be different if you use Windows 2000 or 98; the switches listed below will work on all of them.

Netstat uses the following switches: [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]
(To bring this help screen up at the command prompt, type Netstat ? and this will bring up the list you see below.)
I will explain what each one does.

Code:

-a         Shows all connections and listening ports.
-e         Shows Ethernet sending and receiving.
-n         Shows addresses and port numbers in a series of numbers.
-o         Shows the owner process identification linked with each connection.
-p proto   Shows the connections for the protocol specified by proto.
           Proto may be TCP or UDP. If it is used with the -s switch, it will show the protocol results.
-r         Shows the routing table.
-s         Displays per-protocol results. By default the results are
           shown for IP, IPv6, ICMP, TCP, UDP.
           The -p option may be used to specify a subset of the default.
interval   This refreshes selected results, pausing for a specified number of seconds.
           Example: Netstat -a 10
           This will refresh the display every 10 seconds. To stop refreshing the results, press CTRL+C.

The following ports that you will see on your screen may be different because of various programs you may have running at the time. The foreign addresses are blank due to the fact that this session of netstat was run while offline.

TCP stands for Transmission Control Protocol; it is one of the main protocols in TCP/IP networks. TCP enables two hosts to make a connection and exchange streams of data. TCP guarantees delivery of data and makes sure that packets will be delivered in the same order in which they were sent.

UDP stands for User Datagram Protocol; it is a connectionless protocol that runs on top of IP networks. UDP/IP gives very few error recovery services; it instead provides a direct way to send and receive datagrams over an IP network.

The name proto is short for protocol; this shows you what protocol(s) are currently being used by the open socket.
The local address is the name of the computer that you are using.
The foreign address contains the web site you are currently connected to.
The state tells you what the status of the connection is.
This is a list of states and their definitions:

Code:

State          What it means
Closed         No connection is between your computer and the remote host
Closing        Your computer and the computer you have connected to have agreed to close the connection
Close_wait     The remote computer has started to close the connection
Established    There is a connection between you and the remote computer
Fin_wait 1     The software program using the connection has finished using the connection
Fin_wait 2     The remote computer has started to close the connection
Last ack       The connection is waiting for all of the data packets
Listen         Your computer is listening for a connection
Syn received   The remote computer is sending you a request for a connection
Syn sent       Your computer has started to open the connection
Last ack       It is the same as the last ack

I wanted to add 1 thing... in the post u will find :: about the PC listening to a port. ::
If u find ur PC listening to a port, it could be a trojan... so I recommend scanning the PC if u find the PC listening to unusual ports...

even if it is a remote possibility... try to find a list of Trojan ports... & look through them to C if ur PC is infected... this is wt the commercial... anti-Trojan progs do... it will take u 10min but it will save ya 50$+ on a good anti-Trojan

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
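
An added example, not part of any post in this thread: a Python parser for the Proto / Local Address / Foreign Address / State columns described in the tutorial, used to list listening ports that are not on an expected list, as the reply above suggests checking. The sample output, the allowlist and all function names are constructed for illustration; the parser accepts output with or without the PID column that -o adds.

```python
from collections import Counter

# Constructed sample of Windows `netstat -ano` output; not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       2144
  TCP    192.168.1.20:1045      203.0.113.10:80        ESTABLISHED     1520
  TCP    192.168.1.20:1046      203.0.113.10:80        CLOSE_WAIT      1520
  UDP    0.0.0.0:500            *:*                                    704
"""

# Hypothetical allowlist: ports this machine is expected to listen on.
EXPECTED_LISTENERS = {135, 445}

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like [::]:135 also work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Yield one dict per socket row; banner, header and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[:3]
        rest = fields[3:]
        # UDP is connectionless, so its rows have no State column.
        state = rest[0] if proto == "TCP" and rest else ""
        # The PID is the last field only when netstat was run with -o.
        pid = int(rest[-1]) if rest and rest[-1].isdigit() else None
        laddr, lport = split_endpoint(local)
        yield {"proto": proto, "local_addr": laddr, "local_port": lport,
               "foreign": foreign, "state": state, "pid": pid}

def unexpected_listeners(text, expected=EXPECTED_LISTENERS):
    """Return (port, pid) for each TCP socket in LISTENING state that is not allowlisted."""
    hits = [(s["local_port"], s["pid"]) for s in parse_netstat(text)
            if s["state"] == "LISTENING" and s["local_port"] not in expected]
    return sorted(hits, key=lambda hit: hit[0])

def count_by_state(text):
    """Count sockets per state; UDP rows are counted under '(none)'."""
    return dict(Counter(s["state"] or "(none)" for s in parse_netstat(text)))

if __name__ == "__main__":
    for port, pid in unexpected_listeners(SAMPLE):
        print(f"unexpected listener: TCP port {port}, PID {pid}")
    print(count_by_state(SAMPLE))
```

A port that is not on the list is only a prompt to look up which program owns it (the PID column, where -o is available); it does not by itself show an infection.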

Nice Post/Tutorial. But a question. I've Windows2k Pro on my machine. Listing netstat's help doesn't give me the '-o' option. I get all the rest of the switches, but -o isn't listed. Tried using it, and it shows up as an invalid switch. Anyone have the same problem?